Extract all fields of a DER-encoded PKCS7 file?
Written by
on
in
Snaking.
Say you have a PKCS#7 file with an embedded code-image as a field, how would you go about extracting that field's contents? pyOpenSSL doesn't seem to have mechanisms for extracting/viewing arbitrary fields from PKCS7. pyasn1 can load the structures, but of course it doesn't have access to the meaning of the fields, and it doesn't seem to see the final blob field as an ASN1 field at all... I can just stop parsing at that point and consider the result "the file", but that's... ahem... a little sub-optimal.
The real question being: what do you use when they want to work with the arbitrary fields of a PKCS7 file? I'll eventually need to *generate* such files (with lots of specified fields) as well as "consume" them, so I'm looking more for robust real-world solutions than hacks.
Comments
Comments are closed.
Pingbacks
Pingbacks are closed.
Jean-Paul Calderone on 04/07/2010 9:28 p.m. #
Does https://code.launchpad.net/~mmzeeman/pyopenssl/pkcs7-extensions help? It adds some PKCS#7 APIs, but I'm not sure what kind of "fields" you have in mind, and it may still not go far enough. Also, I don't really know all that much about PKCS#7.
Mike Fletcher on 04/07/2010 10:02 p.m. #
Unfortunately, no, as with all the other OpenSSL-based approaches I've tried, it just reports "no data" for these files. That said, it's the API I'd need if it were to work with these files (I really only need the certs and the binary blob, all fields was just the general case).
I'm asking their author how he's created them now (they're proprietary), hopefully that will shed some light on why nothing seems to be able to parse them even as generic ASN.1.
Christopher Schnarchen on 04/08/2010 9:15 a.m. #
COMMENT_DELETED
Mike Fletcher on 04/08/2010 10:53 a.m. #
There's 6 links in a box on the left-hand side of the page.
Duh, bloody spammers got me again! Apparently "where is the rss link" is the new "great post, keep posting".
Mike Fletcher on 04/08/2010 11:24 a.m. #
And, in fact, it turns out these files are *not* encoded with the data in the PKCS7 blob/payload, they've just had the data concatenated to the PKCS7 detached signature (sigh).